
<?php
header('Content-type:text/html;charset=utf-8');
include_once("../class/mysqlclass.php");
session_start();
//防注入
$usn = trim($_POST['username']);
$psw = trim($_POST['password']);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (empty(Addslashes($usn))){
        echo "<script>alert('用户名不能为空！');location.href='../html/login.html';</script>";
		exit();
    }
    if (empty(Addslashes($psw))){
        echo "<script>alert('密码不能为空！');location.href='../html/login.html';</script>";
		exit();
    }
}
//用户是否存在
$mysqli = new test;
$mysqli = $mysqli -> Con();
$sql = "select * from user where username='{$usn}'";
$res=$mysqli->query($sql);
$num=0;
foreach($res as $var){
	$_SESSION['tph']= $var['telephone'];
	$_SESSION['age']= $var['age'];
	$_SESSION['psw']= $var['password'];
	$num++;
}
// $res=$res->rowCount();
if($num == 1){
	//判断密码是否一致
	if($psw== $_SESSION['psw']){
		$_SESSION['usn']=$usn;
		$_SESSION['psw']=$psw;
	    $_SESSION['ath']=$usn;
	    $_SESSION['tle']= NULL;
		$_SESSION['con']= NULL;
	    $_SESSION['dsc']= NULL;
		echo "<script>alert('登录成功！正在登录……');location.href='home.php';</script>";
		} else{
			echo "<script>alert('您的密码错误，请重新登录！');location.href='../html/login.html';</script>";}
    
}else {
	echo "<script>
			var chos =confirm('用户不存在！请前去注册。');
			if(chos){
				location.href='../html/register.html';
			}else{
				location.href='../html/login.html';
			}
		</script>";
}
?>